MAC address

Function in the network

The MAC address is assigned to the data link layer (layer 2) of the OSI model ; In the OSI model extended by the  IEEE , it is assigned to the Media Access Control sub- layer (Layer 2a). To the data link layer with the next higher layer, the network layer , to be connected, is z. B. in the case of Ethernet, the Address Resolution Protocol is used in the context of  IPv4 . In  IPv6 , a new protocol takes over this function, the Neighbor Discovery Protocol  (NDP).

Bridges and switches examine the data link layer packets in order to physically divide the network into several collision domains, but they do not actively participate in the communication themselves, so they do not need a MAC address for these basic functions either. However, a switch requires a MAC address if it is administered via the computer network itself or if it offers monitoring services (e.g. via Telnet , SNMP or HTTP ). A MAC address is also required when bridges or switches use the spanning tree algorithm to avoid loops in redundant computer networks.

Form (syntax)

In the case of Ethernet networks, the MAC address consists of 48  bits or six  bytes . The addresses are usually written in hexadecimal .

A byte-by-byte notation is common, the individual bytes being separated from one another by hyphens or colons, e.g. B.

• 00-80-41-ae-fd-7e
• 008041-aefd7e or
• 00:80:41:ae:fd:7e.

Information such as

• 008041aefd7e or
• 0080.41ae.fd7e.

However, the order of the characters is not the same in all applications. A distinction is made here between the canonical and the "bit-reversed" representation. The canonical form is preferred for representations.

Canonical representation

The usual representation of MAC addresses, as it appears, for example, in the output of ipconfig / ifconfig , is also referred to as canonical format (“canonical form”, “LSB format” or “Ethernet format”). It specifies the order in which the address is transmitted in IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus). Here the transfer with the least significant bit (starts Least Significant Bit , LSB) of an octet (the exception is the Frame Check Sequence , FCS).

Bit reversed representation

IEEE 802.5 (Token Ring) and IEEE 802.6 start the transmission with the most significant bit (MSB, most significant bit ). This can easily lead to misunderstandings if it is not specified whether the reference is made to the canonical representation in normal byte representation or the inverse bit transfer representation. An address whose canonical form 12-34-56-78-9A-BCis, for example , is used in standard transmission (LSB first, means: read from right to left) on the line in the form of

01001000 00101100 01101010 00011110 01011001 00111101Transfer bit sequence .

In token ring networks (MSB first means: read from left to right, i.e. in natural language), the transmission would take the form of

Bit sequence 00010010 00110100 01010110 01111000 10011010 10111100take place.

If this is not consistently observed when converting the bit sequences into the canonical representation, z. B. the latter representation can be incorrectly interpreted as 48-2C-6A-1E-59-3D(LSB first).

The representation in token ring networks is then referred to as "bit reversed order", "non-canonical form", "MSB format", "IBM format", or "token ring format" as listed in RFC 2469 .

function

MAC addresses in an Ethernet Type II frame

In each frame according to the Ethernet II variant, the MAC address of the recipient and the sender is first transmitted before the type field and the data. Receiver and sender must be part of the Local Area Network (LAN). If a packet is to be sent to another network, it is first sent to a router at the Ethernet level . This analyzes the data on the subordinate layer and then forwards the packet. To do this, it generates a new Ethernet frame if the neighboring network is also an Ethernet. To do this, a router replaces the MAC addresses, i. H. when router R1 receives an Ethernet frame and is to pass it on to router R2, R1 replaces the source address with its own MAC address and the destination address with the Mac address of R2.

Pseudo receiver "broadcast address"

Ethernet broadcast frame

The MAC address with all 48 bits set to 1 ( ff-ff-ff-ff-ff-ff) is used as the broadcast address that is sent to all devices on a LAN. Broadcast frames are not transmitted to another LAN without special measures.

Special identifiers

Structure of a MAC address

Recipient group

The least significant bit (Engl. Least Significant Bit , LSB ) of the first byte (bit 0) indicates a MAC address, if there is a single address or group address (I / G Individual / Group). With a broadcast or multicast , I / G = 1 is set, otherwise and with source addresses I / G = 0.

In short: I / G is

• 0 for I (individual) or
• 1 for G (Group).

Most protocols that work on OSI Layer 2 have special MAC addresses, so-called MAC multicast addresses. The VLAN Trunking Protocol, for example, uses the address 01-00-0C-CC-CC-CC. This means that a frame is addressed to all switches at the same time. There are also whole groups of MAC multicast addresses: The TRILL protocol, for example, uses 01-80-C2-00-00-00 to 01-80-C2-00-00-0F, among others. Other protocols also have special, permanently assigned MAC addresses.

Registry

The following 2nd bit (bit 1, called U / L for Universal / Local) indicates whether the MAC address is globally unique ( Universally Administered Address (UAA); U / L = 0) or is administered locally and only there is unique ( Locally Administered Address (LAA); U / L = 1).

In short: U / L is

• 0 for U (universal) or
• 1 for L (Local).

Manufacturer IDs

In the next 22 bits (bits 2 to 23) one of which is IEEE assigned manufacturer code (also OUI - O rganizationally U nique I dentifier called) described, which are largely viewed in a database. The remaining 24 bits (bits 24 to 47) are specified individually for each interface by the respective manufacturer. For example Compaq has an OUI with the address 00-50-8b. Compaq may use all available addresses within this OUI, i.e. 00-50-8b-xx-xx-xx. This results in 2 ²⁴ = 16777216 (16.8 million) individual addresses.

In addition to the OUI, there are two smaller address areas:

• an OUI-28, or MAC Address Block Medium (MA-M), consisting of 28 bits
• an OUI-36, or MAC Address Block Small (MA-S), consisting of 36 bits

These are intended for private individuals and smaller companies and organizations that do not need as many addresses. The OUI-36 address begins with 36 bits that are assigned to an organization. This means that the address area within bits 11 to 0 remains usable, which means that 2 ¹² = 4096 individual addresses are possible. The MA-M are uniquely identified by 28 bits and with the remaining 20 bits result in: 2 ²⁰ = 1,048,576 individual addresses according to EUI-48 . More devices can be addressed when using the EUI-64 .

Theoretically, the addresses of the interfaces of every network-compatible device should be uniquely pre-assigned worldwide (but individual cases have already become known in which two network cards in the same network had identical MAC addresses, which initially led to completely inexplicable errors). This can be used to automatically configure devices and is used by protocols such as RARP , BOOTP and DHCP . However, the software also often supports being able to use any value as a MAC address. This is used, for example, in backup systems where replacement devices can take over the MAC address of a failed device.

Some software uses the MAC address of the first network card to identify the computer on which licensed programs are allowed to run. The calculation of a universal identification ( UUID or GUID ) also uses this MAC address along with other parts. However, since the MAC address can be changed, security experts advise against using the MAC address as the sole authentication criterion.

Manufacturer-independent identifiers

In addition to the top four bits, which are always 1110 for an IPv4 multicast address, 5 bits of the IP address remain that cannot be mapped in the MAC multicast address. This makes it possible for a host to receive MAC multicast packets from a multicast group to which it does not belong. These packets are then discarded by the IP layer, since recognition based on the IP multicast address is possible there.

The MAC address range 33-33-xx-xx-xx-xx was reserved for IPv6 multicast. The lowest 32 bits of the IPv6 multicast address are embedded in the MAC address.

Trip hazard: "PRIVATE" label

The manufacturer AC-DE-48IDs , which - for example - have been marked as "PRIVATE" in the OUI database, are registered for companies that do not want to disclose their identity to the public. Addresses from these areas can therefore not be used for local purposes, as one would assume. (The "U / L address bit" described under " Registration office " is used for local purposes .)

Determination and award

Often the MAC address, partly integrated in the serial number , is on the network card. They can also be read out using software. Depending on the operating system , various commands are required in the command line or via the graphical user interface . But there are also various additional programs that can simplify these tasks.

Acquisition of your own MAC address space

Prices for registering your own MAC address ranges can be viewed on an IEEE website. A separate MAC address block costs between 730 and 2905 US dollars (as of June 5, 2019). This address range can also be kept secret for an additional annual fee; he is then not known to others and you are not entered in a public database.

Further use

The MAC address is often used as access protection ( MAC filter ) for LANs and WLANs. Due to the fact that MAC addresses can easily be changed, a MAC filter offers only weak protection and can easily be overridden by MAC spoofing .

Individual evidence

Web links

• Current OUI list (CSV format). Retrieved December 21, 2018 . 
• RFC2469 : A Caution On The Canonical Ordering Of Link-Layer Addresses. Retrieved December 21, 2018.